A massive attack is underway. It started in Ukraine but is spreading fast to the rest of the world. Yes, it is about ransomware, but it is different from the one you perhaps know. Petya is the name of this ransomware, and it is also leveraging the EternalBlue vulnerability (CVE-2017-0144). This time it is a new variant with an old technique: it encrypts the volume of the infected device rather than scrambling individual files.
Petya works by changing Windows’ Master Boot Record (MBR). This then causes the operating system to crash. Naturally, when the victim reboots the infected machine, the modified MBR prevents Windows from starting normally. A ransom message is displayed instead, asking the victim for the Bitcoin equivalent of $300.
WannaCry revealed the state of affairs when it comes to system patches. Knowing this, it is perhaps not surprising that this latest iteration of what seems to be becoming routine will exploit a lot more machines than WannaCry perhaps did.
So far this has caused havoc at airlines, banks and utility companies in Europe, but also in the US and India. At the time of writing, WPP, Britain’s biggest advertising company, is offline.
Encryption is a double-edged sword, and ransomware is the epitome of how this tool can be abused, especially as we all become more and more dependent on connected machines. The picture emerging from this escalating problem is that it won’t go away anytime soon. It is a global issue and it certainly needs a global approach.
As I wrote earlier during WannaCry: patch often, patch early, and definitely have a well-tested backup.